{"id":5589,"date":"2014-05-22T17:49:43","date_gmt":"2014-05-22T21:49:43","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=5589"},"modified":"2014-05-22T17:49:43","modified_gmt":"2014-05-22T21:49:43","slug":"zero-day-initiative-issues-advisory-about-an-unpatched-security-vulnerability-in-ie8","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/05\/22\/zero-day-initiative-issues-advisory-about-an-unpatched-security-vulnerability-in-ie8\/","title":{"rendered":"Zero Day Initiative issues advisory about an unpatched security vulnerability in IE8"},"content":{"rendered":"

<\/a><\/p>\n

Microsoft hasn’t fixed a critical IE8 security flaw that was reported to the company back in October 2013, according to an advisory published yesterday by HP\u2019s Zero Day Initiative (ZDI). The bug was discovered by Belgian researcher Peter Van Eeckhoutte.<\/p>\n

According to the report, the bug allows an attacker to execute malicious code on computers running IE8 when users visit a website designed to exploit it. This could be done by sending the victim an email or instant message that, if clicked, would lead to the attack.<\/p>\n

“An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user”, the report said.<\/p>\n

ZDI is a program that rewards computer security researchers for identifying software bugs. Information on a security flaw is kept secret for a period of six months so a software vendor can patch it. ZDI said it had told the software giant on May 8 that it intended to publish details of the flaw.<\/p>\n

Although the reason behind Microsoft’s decision to leave the flaw unpatched remains unclear, the Redmond-based company said it is yet to see an active exploit of the zero-day flaw.<\/p>\n

Microsoft recommended that people using the affected browser set Internet security zone settings to “high” to block ActiveX Controls and Active Scripting, and install its Enhanced Mitigation Experience Toolkit (EMET).<\/p>\n

The disclosure comes on the heels of a major zero-day exploit that affected IE 6 through 11. The bug forced Microsoft to release an emergency patch a few days later.<\/p>\n

via Zero Day Initiative issues advisory about an unpatched security vulnerability in IE8 – TechSpot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Microsoft hasn’t fixed a critical IE8 security flaw that was reported to the company back in October 2013, according to […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5,11],"tags":[341,539],"class_list":["post-5589","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-windows","tag-exploit","tag-internet-explorer-8"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1s9","jetpack-related-posts":[{"id":9452,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/11\/19\/internal-bug-discovery-security-now-693\/","url_meta":{"origin":5589,"position":0},"title":"Internal Bug Discovery – Security Now 693","author":"NCCT","date":"November 19, 2018","format":false,"excerpt":"https:\/\/youtu.be\/ClVI9PMQGCY Australia vs Encryption, Google+ Bugs Hasten its Demise -- Australia's recently passed anti-encryption legislation -- Details of a couple more mega-breaches including a bit of Marriott follow-up -- A welcome call for legislation from Microsoft -- A new twist on online advertising click fraud -- The DHS is interested\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ClVI9PMQGCY\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9330,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/04\/03\/security-now-657-protonmail\/","url_meta":{"origin":5589,"position":1},"title":"Security Now 657: ProtonMail","author":"NCCT","date":"April 3, 2018","format":false,"excerpt":"https:\/\/youtu.be\/OeSZg-ph3Ns This week we discuss \"DrupalGeddon2\", Cloudflare's new DNS offering, a reminder about GRC's DNS Benchmark, Microsoft's Meltdown meltdown, the persistent iOS QR Code flaw and its long-awaited v11.3 update, another VPN user IP leak, more bug bounty news, an ill-fated-seeming new eMail initiative, Free electricity, a policy change at\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/OeSZg-ph3Ns\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9910,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/02\/11\/slap-and-flop-siri-ios-18-3-update-apple-music\/","url_meta":{"origin":5589,"position":2},"title":"Slap and Flop – Siri, iOS 18.3 Update, Apple Music","author":"NCCT","date":"February 11, 2025","format":false,"excerpt":"https:\/\/youtu.be\/Xwqi58VczQ4 What's going on with Siri? iOS 18.3 update is out now, along with a fix to a zero-day flaw. You can buy iPhones on eBay with TikTok installed on them as TikTok is still not available for download on the App Store. And on January 27th, 2010, Steve Jobs\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/Xwqi58VczQ4\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9526,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/03\/03\/outrage-moms-this-week-in-tech-708\/","url_meta":{"origin":5589,"position":3},"title":"Outrage Moms – This Week in Tech 708","author":"NCCT","date":"March 3, 2019","format":false,"excerpt":"https:\/\/youtu.be\/rzRHMGNsnyI The end of smart-phones, AI fake people, Elon in the ditch again, and more. -- MWC 2019 and the Future of Smartphones and Wearables -- This Person Does Not Exist -- OpenAI and the Text Generator Too Dangerous to Exist -- Outrage Mobs and Twitter -- China's Social Credit\u2026","rel":"","context":"In "Technology"","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/rzRHMGNsnyI\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9902,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/02\/11\/tpm-2-0-is-not-required-for-windows-11\/","url_meta":{"origin":5589,"position":4},"title":"TPM 2.0 Is Not Required for Windows 11","author":"NCCT","date":"February 11, 2025","format":false,"excerpt":"https:\/\/youtu.be\/yjjCbOOpREg On Security Now, Steve Gibson talks about Microsofrt dropping the TPM 2.0 requirement from Windows 11.","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/yjjCbOOpREg\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9391,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/08\/12\/this-week-in-tech-679-hotbox-the-waymo\/","url_meta":{"origin":5589,"position":5},"title":"This Week in Tech 679: Hotbox the Waymo","author":"NCCT","date":"August 12, 2018","format":false,"excerpt":"https:\/\/youtu.be\/r0sh0kx0ksQ This Week in Tech Galaxy Note 9, vote hacking, Android Q quandary, robot dogs, and more. --Samsung Announces the Galaxy Note 9, Galaxy Watch, and Galaxy Home musical cauldron. --What is AI? --Self-driving roll-out is increasing. --Amazon wants you to pick up groceries at Whole Foods, and wishes you\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/r0sh0kx0ksQ\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=5589"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5589\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=5589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=5589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=5589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}